You can hover over any of the circles then click for more information about that breach.

This also shows how companies never seem to learn and we are seeing more breaches of a very similar nature to those we were seeing several years ago.

It’s time to learn from our mistakes and actually design and build secure systems, not just tick compliance boxes! This is definitely one of my personal bug-bears, as an example, many companies that must maintain PCI compliance care about this for obvious reason, but too often projects and system owners only care about this and not actually being secure or making systems and ‘non PCI’ data secure. This is despite the payment card industry being very clear that PCI-DSS is the bare minimum standard you must achieve to be permitted to handle card transactions, not the standard you should aim for to be a secure business and keep your customers data secure.

It’s time to get better at communicating the risks to the business and working to ensure secure design and implementation is at the forefront of any solution.